10 things you need to know about the new EU data protection regulation

The first EU Data Protection Directive was written in 1995 but a new, stronger regulation is being developed to take into account vast technology changes of the last 20 years. The plan is to finalise the regulation this year and implement it in 2017.

As with any regulation, the current draft could change. However, only minor changes were made between the last two drafts, despite lobbying attempts, and the latest version is possibly as close to final as we’ll see. Below are 10 of the most important elements European organisations should take away from the current draft, to help them prepare for 2017.

1. This is a regulation, not a directive

The terms regulation and directive are often used interchangeably, but they are very different. A directive is implemented and enforced by individual countries but regulations become law without change when they are passed. The current EU data protection directive resembles a patchwork of slightly different laws across Europe but the new regulation will be implemented in all 28 countries.

About Blue Cube

The Blue Cube ethos is to offer fully independent and accurate advice providing the expertise, technology and management skills to help identify where to protect, what to protect and how to protect corporate IT resources and enable secure access for authorised users.